DNS no access / Domain controllers not able to replicate
DNS zones do not load
AD sync logon failure the target account name is incorrect
DNS access denied
This issue first presented itself on a single Exchange server showing a trust relationship error. On investigating, it was found that DNS was not working: on both DNS servers, nslookup reported the server as Unknown.
Forcing a replication from the primary DC to the secondary failed with an RPC error.
The backup DC had no drive space left, but once space was freed the issue remained, and no amount of reboots and service restarts resolved it.
The first step is to stop the KDC service on the PDC, then run the following:
netdom resetpwd /server:<PDC.domain.com> /userd:<Domain\domain_admin> /passwordd:*
Yes, this is resetting the password on itself.
That server is then rebooted. Once it is back up, stop the KDC service on the BDC and run the same netdom resetpwd command on it.
It is then rebooted.
DNS will now work.
Under AD Sites and Services, a replication can now be forced from the PDC to the BDC.
Any remaining non-DC servers can then be rebooted, as can PCs, and the issue is resolved.
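The checks and the reset sequence above, as an added PowerShell example that is not the post's own code: the server names, domain and admin account are placeholders, and the Test-DcHealth and Reset-DcMachinePassword functions (including the disk-space check) are my additions rather than steps the post gives. It is meant to be run in an elevated session on the PDC first and then, after the reboot, on the BDC, in the order the post describes.

```powershell
# Added example, not from the original post. Placeholders: replace the three
# values below with your own PDC, BDC and domain-admin account.
$Pdc   = 'pdc.domain.example'
$Bdc   = 'bdc.domain.example'
$Admin = 'DOMAIN\domain_admin'
$Dom   = $env:USERDNSDOMAIN

function Test-DcHealth {
    # Symptom checks before changing anything: free disk space (the BDC here had
    # run out), DNS resolution (nslookup showed "Unknown"), replication status and
    # the secure channel (where "target account name is incorrect" surfaces).
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
    '{0} free: {1:N1} GB' -f $env:SystemDrive, ($disk.FreeSpace / 1GB)

    foreach ($name in $Pdc, $Bdc, $Dom) {
        try   { Resolve-DnsName -Name $name -Type A -ErrorAction Stop | Select-Object Name, IPAddress }
        catch { Write-Warning "DNS lookup failed for ${name}: $($_.Exception.Message)" }
    }
    repadmin /replsummary
    nltest /sc_verify:$Dom
}

function Reset-DcMachinePassword {
    # The fix from the post: stop the KDC, reset the machine-account password of
    # the DC you are logged on to, then reboot. Run on the PDC first; once it is
    # back up, run on the BDC.
    param([Parameter(Mandatory)][string]$Server)

    Stop-Service -Name kdc -Force
    # /passwordd:* prompts for the password rather than leaving it in the history.
    netdom resetpwd /server:$Server /userd:$Admin /passwordd:*
    if ($LASTEXITCODE -ne 0) {
        Start-Service -Name kdc
        throw "netdom resetpwd failed (exit code $LASTEXITCODE); KDC started again."
    }
    Restart-Computer -Force
}

# Usage: run in an elevated PowerShell session on the DC itself.
Test-DcHealth
$local  = $env:COMPUTERNAME
$target = @($Pdc, $Bdc) | Where-Object { ($_ -split '\.')[0] -ieq $local } | Select-Object -First 1
if (-not $target) { throw "This host ($local) is neither $Pdc nor $Bdc; not resetting anything." }
Reset-DcMachinePassword -Server $target
# After both DCs are back up: run Test-DcHealth again, force replication (AD Sites
# and Services, or repadmin /syncall /AdeP), then reboot remaining servers and PCs.
```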